
Image Adversarial Defense Method Based On Neural Network

Posted on: 2023-07-04
Degree: Master
Type: Thesis
Country: China
Candidate: W He
Full Text: PDF
GTID: 2568306620955189
Subject: Software engineering
Abstract/Summary:
In recent years, neural networks have demonstrated strong performance and have been widely used in image recognition, natural language processing, autonomous driving, and other fields. However, recent studies have shown that neural networks do not perform well in the face of adversarial examples. Different methods have been proposed to reduce the harm caused by adversarial examples, and they can be roughly divided into three categories. The first category enhances the robustness of the model itself; adversarial training is commonly used, which requires retraining or fine-tuning the original model and has a high defense cost. The second adds additional modules in front of the original model to remove or destroy the carefully designed perturbations; most of these methods reduce the recognition rate on clean examples while defending against adversarial examples. The third is adversarial example detection, which has certain limitations: when the attacker knows the detector exists, adversarial examples can be designed to deceive the detector as well. Given the above problems, this paper carries out research combined with tensor decomposition technology, and the main work is summarized as follows:

An adversarial defense method based on tensor decomposition, TDDM, is proposed. In this method, the original tensor is divided into several tensor blocks, and each tensor block is then decomposed to obtain its corresponding factor matrix. The sum of the top 10% of the factor weights in the factor matrix accounts for more than 99% of the sum of all weights. Therefore, this paper selects the highest-ranking factors in each factor submatrix to reconstruct each tensor block and discards the lowest-ranking factors. Finally, the reconstructed tensor blocks are combined back into the original tensor. TDDM restores the data distribution of clean examples to the greatest extent, and the neural network has strong robustness to random noise. Experiments show that TDDM can transform the adversarial perturbation into ordinary random noise, resisting the harm caused by the adversarial example.

A neural-network-based tensor decomposition defense method, NTDDM, is proposed. TDDM has a significant effect in defending against adversarial examples, but its operating efficiency needs to be improved when facing a large number of examples. To solve this problem, NTDDM is further proposed. This method is realized with neural network technology, which can make full use of existing GPU resources during decomposition and greatly improves the operating efficiency of the algorithm when facing a large number of examples. In this paper, the loss function of NTDDM is given and the update rule of the factor matrix is derived. During model training, subtle Gaussian noise is added to the factor matrix to improve the effect of the model's decomposition. Experiments show that this method has a better defense effect and a shorter running time than TDDM when facing a large number of examples.

A robust-score-based adversarial detection method, RSDM, is proposed. It addresses two problems: existing detection methods have a high false positive rate, and defense methods based on adding additional modules, such as NTDDM, improve the recognition rate on adversarial examples while slightly reducing the recognition rate on normal examples. Based on the different feedback outputs of the model under the interference of subtle noise, a robust score RS is designed to measure how close an unknown example is to an adversarial example, and the robust-score-based adversarial detection method RSDM, which has a lower false positive rate, is built on it. RSDM can be combined with NTDDM to separate normal examples and adversarial examples from unknown examples through detection. The normal examples are input directly into the model for prediction, and the adversarial examples are input into the model for prediction through NTDDM, further improving the robustness of the model and forming a complete adversarial example defense framework.
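The block-wise "decompose, keep the top-ranked factors, reconstruct" step of TDDM is concrete enough to sketch in code. The following is an added illustration, not code from the thesis: the abstract does not name the tensor decomposition it uses, so a per-block truncated SVD is substituted here as an assumption, with the 8x8 block size chosen for the example and the 10% factor-keep ratio taken from the abstract. The input image and the small Gaussian perturbation standing in for an adversarial disturbance are both constructed inline; the demo reports how much of the factor weight the kept factors carry and whether the reconstruction moves the perturbed image back toward the clean one.

```python
import numpy as np


def _split_blocks(x, b):
    """Yield (row, col, block) for each b x b tile of a 2-D array.
    Assumes both dimensions are multiples of b (true for the sample below)."""
    h, w = x.shape
    for i in range(0, h, b):
        for j in range(0, w, b):
            yield i, j, x[i:i + b, j:j + b]


def truncate_block(block, keep_frac):
    """Decompose one block and rebuild it from its highest-ranked factors.

    Assumption: truncated SVD stands in for the thesis's unnamed tensor
    decomposition. Returns (reconstructed block, fraction of the total
    singular-value mass carried by the kept factors)."""
    u, s, vt = np.linalg.svd(block, full_matrices=False)
    k = max(1, int(np.ceil(keep_frac * s.size)))  # keep at least one factor
    rebuilt = (u[:, :k] * s[:k]) @ vt[:k, :]
    kept_weight = float(s[:k].sum() / (s.sum() or 1.0))  # guard all-zero block
    return rebuilt, kept_weight


def tddm_reconstruct(img, block=8, keep_frac=0.1):
    """Block-wise low-rank reconstruction of a 2-D image (TDDM-style).

    Returns (reconstructed image, mean kept-weight fraction over blocks)."""
    out = np.empty(img.shape, dtype=float)
    fracs = []
    for i, j, blk in _split_blocks(img, block):
        rebuilt, frac = truncate_block(blk, keep_frac)
        out[i:i + block, j:j + block] = rebuilt
        fracs.append(frac)
    return out, float(np.mean(fracs))


def make_sample(seed=0, size=32, sigma=0.03):
    """Constructed data: a smooth rank-1 'clean image' and a copy with a
    small Gaussian perturbation standing in for an adversarial disturbance."""
    rng = np.random.default_rng(seed)
    axis = np.linspace(0.5, 1.5, size)
    clean = np.outer(axis, axis)
    perturbed = clean + rng.normal(0.0, sigma, clean.shape)
    return clean, perturbed


def mse(a, b):
    """Mean squared error between two arrays."""
    return float(np.mean((a - b) ** 2))


def demo():
    """Run the preprocessing on the constructed sample and report the effect."""
    clean, perturbed = make_sample()
    restored, kept = tddm_reconstruct(perturbed)
    return {
        "mse_before": mse(perturbed, clean),
        "mse_after": mse(restored, clean),
        "kept_weight": kept,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value:.6f}")
```

On the constructed sample every block of the clean image is rank 1, so the single kept factor carries essentially all of the weight and the clean image is reproduced exactly; on the perturbed copy the discarded factors carry most of the noise energy, so the reconstruction error against the clean image drops. Real images are not this low-rank, which is why the thesis measures the kept-weight fraction (its 10% / 99% figure) empirically rather than assuming it.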
Keywords/Search Tags:Tensor decomposition, Neural network, Adversarial attacks, Adversarial defense